Filtered by vendor Debian
Subscribe
Total
8991 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6359 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | |||||
| CVE-2018-6315 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | |||||
| CVE-2018-5294 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | |||||
| CVE-2017-11733 | 2 Debian, Libming | 2 Debian Linux, Ming | 2019-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-11732 | 2 Debian, Libming | 2 Debian Linux, Ming | 2019-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-9989 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |||||
| CVE-2017-9988 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |||||
| CVE-2018-10768 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2019-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. | |||||
| CVE-2018-13988 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2019-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. | |||||
| CVE-2017-7868 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2019-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | |||||
| CVE-2017-7867 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2019-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | |||||
| CVE-2018-14734 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-23 | 6.1 MEDIUM | 7.8 HIGH |
| drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | |||||
| CVE-2018-13053 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-23 | 2.1 LOW | 3.3 LOW |
| The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | |||||
| CVE-2018-1066 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-23 | 7.1 HIGH | 6.5 MEDIUM |
| The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | |||||
| CVE-2018-19968 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2019-04-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | |||||
| CVE-2016-0655 | 5 Debian, Mariadb, Opensuse and 2 more | 5 Debian Linux, Mariadb, Leap and 2 more | 2019-04-22 | 3.5 LOW | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. | |||||
| CVE-2016-0643 | 6 Debian, Ibm, Mariadb and 3 more | 6 Debian Linux, Powerkvm, Mariadb and 3 more | 2019-04-22 | 4.0 MEDIUM | 3.3 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. | |||||
| CVE-2016-0610 | 6 Canonical, Debian, Mariadb and 3 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2019-04-22 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||||
| CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 7 Debian Linux, Fedora, Freebsd and 4 more | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | |||||
| CVE-2015-3636 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2019-04-22 | 4.9 MEDIUM | N/A |
| The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. | |||||